vastai

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes examples and flags that instruct embedding API keys, tokens, and passwords directly in commands or env vars (e.g., --api-key KEY, --env '-e HF_TOKEN=hf_xxx', --docker_login_pass PASS), which would require the agent/LLM to output secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's CLI and SDK explicitly fetch and act on live data from Vast.ai's public APIs (see SKILL.md commands like "vastai search offers" and "vastai create instance" and code paths that call endpoints such as /bundles/, /template/, and the docs URL https://docs.vast.ai/llms.txt), which can contain user-generated offers/templates/readmes/onstart scripts that the agent reads and uses to choose or launch instances—so untrusted third-party content can materially influence actions.